Install Java and Java Web Start ( IcedTea plugin ) on Fedora ( version 17 in this case ):
$ sudo yum install icedtea-web
You man want to disable SELinux first.
$ sudo setenforce 0
Start Firefox from the command line. And then open the VPN login page:
$ firefox
Now enter your user/password in the browser. After a while it will launch the Applet and ask for confirmation. Once that is done, it will also ask for root password to install some software on the system.
$ firefox
java version "1.7.0_19"
OpenJDK Runtime Environment (fedora-2.3.9.4.fc17-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
Calling Super Init.
/home/tuxdna/.juniper_networks
Here is the standard output of the command:
Service needs to be installed for the first time
calling /home/tuxdna/.juniper_networks/network_connect/installNC.sh
Here is the standard error of the command (if any):
in get Proxy info..
linux_start_script=
linux_end_script=
notification_message= null
always_show_notification_msg= null
dnsSuffix=
para 0 is /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java
para 1 is -classpath
para 2 is /home/tuxdna/.juniper_networks/network_connect/NC.jar
para 3 is NC
para 4 is -h
para 5 is vpn.example.com
para 6 is -n
para 7 is
para 8 is -t
para 9 is
para 10 is -x
DSID=a76e
Launching "/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java" "-classpath" "/home/tuxdna/.juniper_networks/network_connect/NC.jar" "NC" "-h" "vpn.example.com "-n" "" "-t" "" "-x"
Res: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java -classpath /home/tuxdna/.juniper_networks/network_connect/NC.jar NC -h vpn.example.com -n -t -x
It installs the software on home folder of the current user:
$ cd ~
These are the list of files/folders which were setup by the java application.
$ find .juniper_networks/
.juniper_networks/
.juniper_networks/whitelist.txt
.juniper_networks/network_connect
.juniper_networks/network_connect/ncsvc
.juniper_networks/network_connect/installnc.log
.juniper_networks/network_connect/NC.jar
.juniper_networks/network_connect/xlaunchNC.sh
.juniper_networks/network_connect/libncui.so
.juniper_networks/network_connect/version.txt
.juniper_networks/network_connect/installNC.sh
.juniper_networks/network_connect/ncdiag
.juniper_networks/ncLinuxApp.jar
Setting up the service binary that creates a VPN tunnel.
$ sudo ldd ./ncsvc
[sudo] password for tuxdna:
not a dynamic executable
$ sudo file ./ncsvc
./ncsvc: setuid setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, stripped
Its a 32bit binary, so we need to install some dependencies.
$ sudo yum install -y glibc.i686 zlib.i686 libgcc.i686
$ sudo ldd ./ncsvc
linux-gate.so.1 => (0xf77d4000)
libdl.so.2 => /lib/libdl.so.2 (0xf77b9000)
libz.so.1 => /lib/libz.so.1 (0xf77a3000)
libpthread.so.0 => /lib/libpthread.so.0 (0xf7789000)
libm.so.6 => /lib/libm.so.6 (0xf775e000)
libc.so.6 => /lib/libc.so.6 (0xf75ab000)
/lib/ld-linux.so.2 (0xf77d5000)
Now fetch the SSL certificate.
$ openssl s_client -connect vpn.example.com:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform der > cert.der
$ ls
cert.der installnc.log installNC.sh juniper-connect.sh libncui.so ncdiag NC.jar ncsvc version.txt xlaunchNC.sh
Download the connection script
$ cd ~/.juniper_networks/network_connect
$ wget -c https://gist.github.com/tuxdna/5926015/raw/0ccd69d46b0c7340ae592f80a5c91509a54e1abb/juniper-connect.sh
Modify HOST, USERNAME and REALM in the script download just now.
Now connect
$ sudo bash juniper-connect.sh
[sudo] password for tuxdna:
Please enter VPN password:
Now connecting to VPN
Connecting to vpn.example.com : 443
Install Java and Java Web Start ( IcedTea plugin ) on Fedora ( version 17 in this case ):
$ sudo yum install icedtea-web
You man want to disable SELinux first.
$ sudo setenforce 0
Start Firefox from the command line. And then open the VPN login page:
$ firefox
Now enter your user/password in the browser. After a while it will launch the Applet and ask for confirmation. Once that is done, it will also ask for root password to install some software on the system.
$ firefox
java version "1.7.0_19"
OpenJDK Runtime Environment (fedora-2.3.9.4.fc17-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
Calling Super Init.
/home/tuxdna/.juniper_networks
Here is the standard output of the command:
Service needs to be installed for the first time
calling /home/tuxdna/.juniper_networks/network_connect/installNC.sh
Here is the standard error of the command (if any):
in get Proxy info..
linux_start_script=
linux_end_script=
notification_message= null
always_show_notification_msg= null
dnsSuffix=
para 0 is /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java
para 1 is -classpath
para 2 is /home/tuxdna/.juniper_networks/network_connect/NC.jar
para 3 is NC
para 4 is -h
para 5 is vpn.example.com
para 6 is -n
para 7 is
para 8 is -t
para 9 is
para 10 is -x
DSID=a76e
Launching "/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java" "-classpath" "/home/tuxdna/.juniper_networks/network_connect/NC.jar" "NC" "-h" "vpn.example.com "-n" "" "-t" "" "-x"
Res: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java -classpath /home/tuxdna/.juniper_networks/network_connect/NC.jar NC -h vpn.example.com -n -t -x
It installs the software on home folder of the current user:
$ cd ~
These are the list of files/folders which were setup by the java application.
$ find .juniper_networks/
.juniper_networks/
.juniper_networks/whitelist.txt
.juniper_networks/network_connect
.juniper_networks/network_connect/ncsvc
.juniper_networks/network_connect/installnc.log
.juniper_networks/network_connect/NC.jar
.juniper_networks/network_connect/xlaunchNC.sh
.juniper_networks/network_connect/libncui.so
.juniper_networks/network_connect/version.txt
.juniper_networks/network_connect/installNC.sh
.juniper_networks/network_connect/ncdiag
.juniper_networks/ncLinuxApp.jar
Setting up the service binary that creates a VPN tunnel.
$ sudo ldd ./ncsvc
[sudo] password for tuxdna:
not a dynamic executable
$ sudo file ./ncsvc
./ncsvc: setuid setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, stripped
Its a 32bit binary, so we need to install some dependencies.
$ sudo yum install -y glibc.i686 zlib.i686 libgcc.i686
$ sudo ldd ./ncsvc
linux-gate.so.1 => (0xf77d4000)
libdl.so.2 => /lib/libdl.so.2 (0xf77b9000)
libz.so.1 => /lib/libz.so.1 (0xf77a3000)
libpthread.so.0 => /lib/libpthread.so.0 (0xf7789000)
libm.so.6 => /lib/libm.so.6 (0xf775e000)
libc.so.6 => /lib/libc.so.6 (0xf75ab000)
/lib/ld-linux.so.2 (0xf77d5000)
Now fetch the SSL certificate.
$ openssl s_client -connect vpn.example.com:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform der > cert.der
$ ls
cert.der installnc.log installNC.sh juniper-connect.sh libncui.so ncdiag NC.jar ncsvc version.txt xlaunchNC.sh
Download the connection script
$ cd ~/.juniper_networks/network_connect
$ wget -c https://gist.github.com/tuxdna/5926015/raw/0ccd69d46b0c7340ae592f80a5c91509a54e1abb/juniper-connect.sh
Modify HOST, USERNAME and REALM in the script download just now.
Now connect
$ sudo bash juniper-connect.sh
[sudo] password for tuxdna:
Please enter VPN password:
Now connecting to VPN
Connecting to vpn.example.com : 443
Now compile the ncui utility.
$ cd ~/.juniper_networks/network_connect/
$ gcc -m32 -Wl,-rpath,`pwd` -o ncui libncui.so
/bin/ld: cannot find crt1.o: No such file or directory
/bin/ld: cannot find crti.o: No such file or directory
/bin/ld: skipping incompatible /usr/lib64/libc.so when searching for -lc
/bin/ld: cannot find -lc
/bin/ld: cannot find crtn.o: No such file or directory
collect2: error: ld returned 1 exit status
We need to install 32 bit version libc devel libraries.
On Ubuntu:
$ sudo apt-get install gcc-multilib libc6-i386 libc6-dev-i386
On Fedora:
$ yum install -y glibc-devel.i686 libXtst-devel-1.2.2-1.fc19.i686
Now link the ncui tool
$ gcc -m32 -Wl,-rpath,`pwd` -o ncui libncui.so
$ ./ncui
Password: <ENTER SUDO PASSWORD HERE>
usage: ncui -h host -u user -p passwd -r realm -f cert_file [-l log_level] [-L log_level]
ncui -h host -c cookies -f cert_file [-l log_level] [-L log_level] [-U sign_in_url]
ncui -v
log_level : 0 : Log Critical messages only
1 : Log Critital and Error messages
2 : Log Critital, Error and Warning messages
3 : Log Critital, Error, Warning and Info messages(default)
4 : Log All Verbose messages
5 : Log All messages
Now connect to the SSL VPN
$ ./ncui -h vpn.example.com -c DSID="YOUR_DSID_COOKIE" -f vpn.example.com-cert.der
Password: <ENTER SUDO PASSWORD HERE>
In a separate window, you can also check the configuration of the new tunner interface that is created by ncui.
Tunnel device
$ ifconfig
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
inet TUNNEL_DEVICE_IP_ADDRES netmask 255.255.255.255 destination TUNNEL_GATEWAY_IP_ADDRESS
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 4632 bytes 3205343 (3.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5141 bytes 662182 (646.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
DNS entries
$ cat /etc/resolv.conf
search example.com sub-domain.example.com
nameserver IP_ADDRESS_DNS1
nameserver IP_ADDRESS_DNS2
Monitor what ncui process is doing:
$ sudo su -
# strace -p $(pgrep ncui)
...
) = 0 (Timeout)
time(NULL) = 1375218742
time(NULL) = 1375218742
send(6, ".............", 20, 0) = 20
send(6, ".............", 20, 0) = 20
time(NULL) = 1375218742
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}], 2, 2000) = 1 ([{fd=6, revents=POLLIN}])
time(NULL) = 1375218742
recv(6, ".............", 16384, 0) = 482
send(4, "q", 1, 0) = -1 EAGAIN (Resource temporarily unavailable)
send(4, "p", 1, 0) = -1 EAGAIN (Resource temporarily unavailable)
time(NULL) = 1375218742
time(NULL) = 1375218742
poll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}], 2, 2000
...
Invoke the command
rdesktop -r sound=local -r clipboard:CLIPBOARD -z -g '80%' -a 15 -u user.name -d DOMAINNAME -p - remote.hostname.com
Above command does the following:
- Connects to
remote.hostname.com
at domainDOMAINNAME
- With username
user.name
and password taken fromSTDIN
- Forwards remote sound to local machine
- Enables clipboard sharing
- Uses compression
- Makes the remote desktop screen to 80% of the local machine's screen
- Uses
15bit
color depth on the remote desktop
Check https://github.com/rthill/jvpn this works without installing java and i386 libs.